Hi,

Robert Buecheler <rf.buecheler@gmail.com> [20070407 14:30:45 -0500]:
> please forgive me, I'm fairly new in this and don't understand much of syslog-ng. I am trying to log messages from my Linksys router (192.168.1.1). The port that Linksys mentions is (514), but when I run ethereal, the destination port seems to be [snmptrap (162)] (the origin port on the router varies)

[snipped]

> can somebody help?

SNMP TRAP messages are not syslog messages. SNMP is a 'simple' system used to get data such as byte counters and memory usage values on remote systems, such as routers and even servers. SNMP trap messages are configured on the remote system to alert/inform (usually) a central system that some event has occurred; for example, a disk has neared capacity or a CPU is overheating. Sorry, but what you are trying to do is not going to work; syslog-ng will not read SNMP trap information.

From looking on the Internet I can see why you are getting confused. Seems Linksys have decided in their infinite wisdom to use SNMP trap messages for logging :-/

Have a look at the following:

http://freshmeat.net/projects/linksysd/

Using this on your system instead (or to relay onto syslog-ng after converting the SNMP trap alerts to syslog messages) should help you along.

Have fun

Alex

[1] http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol#SNMPv2_and_S...
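
The distinction drawn in the reply above, as an added example that is not part of the original message and not code from linksysd: it tells a BSD-syslog payload (leading `<PRI>`) from an SNMP v1/v2c message (BER SEQUENCE, version, community, PDU tag) and formats a syslog line for the latter. The sample payloads, the function names and the local0.info priority are assumptions constructed here.

```python
import re

# Constructed sample payloads (not captured from a real device).
SAMPLE_SYSLOG = b"<13>Apr  7 14:30:45 router kernel: link up"
SAMPLE_TRAP = bytes.fromhex(
    "3023020100" "04067075626c6963"      # SEQUENCE, version 0, community "public"
    "a416" "06032b0601" "4004c0a80101"   # Trap-PDU, enterprise OID, agent 192.168.1.1
    "020106" "020101" "430100" "3000")   # generic, specific, timestamp, empty varbinds

PDU_NAMES = {0xA4: "SNMPv1 Trap", 0xA6: "InformRequest", 0xA7: "SNMPv2 Trap"}
VERSIONS = {0: "v1", 1: "v2c"}

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Tell a BSD-syslog payload from an SNMP v1/v2c message."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if m and int(m.group(1)) <= 191:     # syslog: <PRI>, PRI = facility*8 + severity
        pri = int(m.group(1))
        return {"kind": "syslog", "facility": pri >> 3, "severity": pri & 7}
    try:
        tag, body, _ = read_tlv(datagram, 0)         # outer SEQUENCE
        t_ver, version, pos = read_tlv(body, 0)      # INTEGER version
        t_com, community, pos = read_tlv(body, pos)  # OCTET STRING community
        if (tag, t_ver, t_com) != (0x30, 0x02, 0x04):
            raise ValueError("not an SNMP v1/v2c header")
        pdu_tag = body[pos]                          # context tag names the PDU type
    except (ValueError, IndexError):
        return {"kind": "unknown"}
    return {"kind": "snmp",
            "version": VERSIONS.get(int.from_bytes(version, "big"), "other"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}

def relay_line(datagram, source_ip):
    """Format a local0.info (PRI 134) syslog line for an SNMP datagram, else None."""
    info = classify(datagram)
    if info["kind"] != "snmp":
        return None
    # The community string is left out of the log line on purpose.
    return "<134>snmptrap: src=%s version=%s pdu=%s" % (
        source_ip, info["version"], info["pdu"])
```
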